mirror of
https://github.com/privacyguides/privacyguides.org.git
synced 2025-05-02 06:16:27 -04:00
Markdown style consistency (#858)
Signed-off-by: Daniel Gray <dng@disroot.org>
parent
929b942a4d
commit
46aa2088e5
35 changed files with 557 additions and 295 deletions
|
@ -16,9 +16,11 @@ Please note that **like any VPN**, Outline/Shadowsocks cannot provide nearly the
|
|||
Outline is developed by Jigsaw, which is a subsidiary of Alphabet Inc (Google). It is important to note that neither Jigsaw nor Google can see your internet traffic when using Outline, because you will be installing the actual Outline Server on your own machine, not Google’s. Outline is completely open source and was audited in [2017](https://s3.amazonaws.com/outline-vpn/static_downloads/ros-report.pdf) by Radically Open Security and in [2018](https://s3.amazonaws.com/outline-vpn/static_downloads/cure53-report.pdf) by Cure53, and both security firms supported Jigsaw’s security claims. For more information on the data Jigsaw is able to collect when using Outline, see their [article on data collection](https://support.getoutline.org/s/article/Data-collection).
|
||||
|
||||
### Prerequisites
|
||||
|
||||
All you will need to complete this guide is a computer running Windows, macOS, or Linux. You will also need to know some basic commands: [How to SSH](https://www.howtogeek.com/311287/how-to-connect-to-an-ssh-server-from-windows-macos-or-linux/) in to a server you purchase. We will also assume you know how to purchase and set up a Linux server with SSH access, more info in Step 2.
|
||||
|
||||
### Step 1 — Download & Install Outline Manager
|
||||
|
||||
Outline allows you to setup and configure your servers from an easy-to-use management console called Outline Manager, which can be downloaded from [getoutline.org](https://getoutline.org). It has binaries available for Windows, macOS, and Linux.
|
||||
|
||||
Simply download and install the Outline Manager application to your computer.
|
||||
|
@ -28,6 +30,7 @@ Simply download and install the Outline Manager application to your computer.
|
|||
Note: getoutline.org is blocked in China and likely other countries, however you can download the releases directly from [their GitHub page](https://github.com/Jigsaw-Code/outline-server/releases) as well.
|
||||
|
||||
### Step 2 — Choose a Server Provider
|
||||
|
||||
Outline has the ability to create servers on three different providers automatically: DigitalOcean, Google Cloud, and Amazon Web Services. In some situations, Google Cloud or AWS may be preferable, because they are less likely to be blocked by hostile ISPs/governments and will therefore allow you to more likely circumvent internet censorship. However, keep in mind that the server provider you choose—like any VPN provider—will have the technical ability to read your internet traffic. This is much less likely to happen when using a cloud provider versus a commercial VPN, which is why we recommend self-hosting, but it is still possible. Choose a provider you trust.
|
||||
|
||||
Additionally, keep in mind that many US-based cloud providers block all network traffic to and from [countries sanctioned by the United States](https://en.wikipedia.org/wiki/United_States_sanctions#Countries), including AWS and Google Cloud. Users in or visiting those countries may wish to find a European-based hosting provider to run their Outline Server on.
|
||||
|
@ -39,6 +42,7 @@ Finally, if you want to go with DigitalOcean you can use my affiliate link to re
|
|||
For this guide we are not going to use an automatic provider in Outline Manager, rather we will manually configure a Linux server. We are using Debian 10. Other distros may work as well, but you may need to install Docker manually.
|
||||
|
||||
### Step 3 — Configure Your Server
|
||||
|
||||
First, we need to update our system and install `curl`. Connect to your server via SSH and enter the following commands:
|
||||
|
||||
Next open Outline Manager on your local machine and you should be given 4 options to configure a server. Select the “Set Up” button under the “Advanced, Set up Outline anywhere” option.
|
||||
|
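Review bot: Under "### Step 3 — Configure Your Server", the sentence "Connect to your server via SSH and enter the following commands:" is followed directly by "Next open Outline Manager on your local machine", so the commands it announces are not in the lines shown here. If they were lost in an earlier edit, restore them in a fenced block after that sentence; otherwise reword the sentence so it no longer promises commands.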
@ -52,14 +56,15 @@ Connect to your server over SSH and paste the code from above in the Outline Man
|
|||
After it completes, it will give you a long line starting with `{"apiUrl"` (depending on your Terminal’s color support it will appear as green). Copy that line, and paste it in the second box back in Outline Manager. Then, click “Done”.
|
||||
|
||||
### Step 4 — Connect Your Devices
|
||||
|
||||
Download the Outline app on the device you want to connect. Outline has applications for the following operating systems:
|
||||
|
||||
* [Android](https://play.google.com/store/apps/details?id=org.outline.android.client)
|
||||
* [iOS](https://apps.apple.com/app/id1356177741)
|
||||
* [Windows](https://raw.githubusercontent.com/Jigsaw-Code/outline-releases/master/client/stable/Outline-Client.exe)
|
||||
* [macOS](https://apps.apple.com/app/id1356178125)
|
||||
* [Chrome OS](https://play.google.com/store/apps/details?id=org.outline.android.client)
|
||||
* [Linux](https://raw.githubusercontent.com/Jigsaw-Code/outline-releases/master/client/stable/Outline-Client.AppImage)
|
||||
* [Android](https://play.google.com/store/apps/details?id=org.outline.android.client)
|
||||
* [iOS](https://apps.apple.com/app/id1356177741)
|
||||
* [Windows](https://raw.githubusercontent.com/Jigsaw-Code/outline-releases/master/client/stable/Outline-Client.exe)
|
||||
* [macOS](https://apps.apple.com/app/id1356178125)
|
||||
* [Chrome OS](https://play.google.com/store/apps/details?id=org.outline.android.client)
|
||||
* [Linux](https://raw.githubusercontent.com/Jigsaw-Code/outline-releases/master/client/stable/Outline-Client.AppImage)
|
||||
|
||||
You should also be able to use any [Shadowsocks client](https://shadowsocks.org/en/download/clients.html), including alternative clients for each operating system and a client for OpenWRT routers. And like with the Manager, you can download Outline releases from [their GitHub page](https://github.com/Jigsaw-Code/outline-client/releases) as well.
|
||||
|
||||
|
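Review bot: The Windows and Linux entries in the client list link straight to `Outline-Client.exe` and `Outline-Client.AppImage` on the `master` branch at `raw.githubusercontent.com`, so readers fetch an executable with no version or checksum to check it against. While the list is being reformatted, consider pointing both at the outline-client releases page that the following paragraph already links. The Chrome OS entry reuses the Android Play Store URL; if that is intended, say so in the link text. The old and new list items also read identically as rendered here, so it is worth confirming the change is whitespace-only.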
@ -68,6 +73,7 @@ Back in Outline Manager, select your server in the sidebar. On the far right sid
|
|||
Once you add your server, that’s it! In the Outline clients it’s just a matter of pressing “Connect”, and all your traffic will be proxied through your server! You can use this connection to keep your traffic safe when you’re on public WiFi networks, or just to keep your browsing hidden from your ISP.
|
||||
|
||||
### Conclusion
|
||||
|
||||
That should be all you need to get your very own VPN up and running! **Do not share your access key with anyone**, this is the key starting with `ss://`. If you want to grant other users access to your server, click “Add a new key” in Outline Manager and give them a new, unique key. If you share a key, anyone with knowledge of that key will be able to see all the traffic of anyone else using the key. It should go without saying, but don’t send people keys over unencrypted channels: No Facebook Messenger, no emails. Stick with [Signal, Wire, or Briar](/real-time-communication) if you don’t have a secure app already.
|
||||
|
||||
With Outline, there is no need to worry about the security of your server. Everything is set to automatically update with no intervention required! Another thing to note: The port on your Outline server is randomly generated. This is so the port can’t be easily blocked by nation/ISP level censors, however, this VPN may not function on some networks that only allow access to port 80/443, or on servers that only allow traffic on certain ports. These are edge-cases, but something to keep in mind, and if they apply you may need to look for more technical options.
|
||||
|
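Review bot: The last paragraph of the Conclusion says "there is no need to worry about the security of your server" and supports it only with automatic updates, which is a broader promise than the next sentence backs up. Suggest narrowing it to what the text can stand behind, for example "Outline keeps itself up to date automatically", while this section is being touched. The paragraph before it also joins two sentences with a comma at "**Do not share your access key with anyone**, this is the key starting with `ss://`".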
|
|
@ -18,6 +18,7 @@ Furthermore, this doesn't only happen at your home. Every network you connect to
|
|||
Fortunately, more and more websites are beginning to use HTTPS, thanks to free certificates from Let's Encrypt and Cloudflare. But many sites still don't (at least by default), and even HTTPS doesn't solve the problem that your ISP can see the websites you're visiting.
|
||||
|
||||
## How VPNs can protect us
|
||||
|
||||
Luckily, you can hide all this information from your ISP using a VPN. Instead of letting your ISP see all the websites you visit, VPNs only let them see that you are connected (using an **encrypted** connection) to the VPN provider's servers.
|
||||
|
||||
*Basically, instead of connecting directly to the Internet, you connect to one of your VPN providers’ servers, which connects you to the Internet.*
|
||||
|
@ -25,6 +26,7 @@ Luckily, you can hide all this information from your ISP using a VPN. Instead of
|
|||
So, `you <----> Internet` becomes `you <----> VPN <----> Internet` and your ISP can only see the `you <----> VPN` part.
|
||||
|
||||
## More ways VPNs can protect us
|
||||
|
||||
So VPNs are pretty handy, but hiding your traffic from your ISP isn't the only advantage a VPN provides.
|
||||
|
||||
Did you know that if you’re on a public Wi-Fi network, <mark>anyone connected to the same network can see as much as your ISP can</mark>? Obviously, this isn’t an issue at home, unless you have very creepy neighbors and an open Wi-Fi network. However, it is a problem in public places with Wi-Fi, such as cafés.
|
||||
|
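Review bot: Apostrophes are mixed in the context of this hunk: "isn't" under "## More ways VPNs can protect us" is typed with a straight quote, while the next paragraph uses typographic ones in "you’re" and "isn’t". For a style-consistency pass, pick one form and apply it across the post. The same paragraph carries inline `<mark>` HTML, which deserves a decision in the same pass.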
@ -38,6 +40,7 @@ This also provides an added side-benefit: Most VPN providers have servers in man
|
|||
But even if you use a different IP address than your “normal” one, isn’t it still personally identifiable? Nope. Many people use the same server, letting the websites you visit see only that you’re using the same VPN as many other people.
|
||||
|
||||
## Drawbacks of a VPN
|
||||
|
||||
But VPNs aren't all powerful tools to protect your privacy. In fact, there are a number of glaring issues that should not be overlooked when making the decision to use one.
|
||||
|
||||
Most importantly, using a VPN only *shifts* the power to view your traffic from your ISP to the VPN provider itself. That means that all the traffic your ISP used to be able to see, your VPN provider will still be able to. Therefore, choosing a trustworthy VPN is important. Many will be able to find a provider that they can trust more than their ISP, but some may not.
|
||||
|
@ -47,6 +50,7 @@ Using a commercial VPN provider is almost like entrusting your data to a black b
|
|||
Finally, using a VPN will not make you anonymous in any way. Your VPN provider or especially dedicated attackers will be able to trace a connection back to you fairly trivially. Your VPN provider will also likely have a money trail leading back to you.
|
||||
|
||||
## So what?
|
||||
|
||||
If you're looking for perfect anonymity, there are better options. Software like the Tor Browser provides privacy and anonymity *by design*, whereas VPNs provide privacy based on trust alone. You cannot rely on "no logging" claims to protect you.
|
||||
|
||||
If you just need protection on a public Wi-Fi network, from your ISP, or just from copyright warnings in the mail, a VPN might be the solution for you.
|
||||
|
|
|
@ -7,6 +7,7 @@ template: overrides/blog.html
|
|||
So [you know what a VPN is](/blog/2019/10/05/understanding-vpns), but there are so many options to choose from! Well before we dive into this, let's get one thing off the bat:
|
||||
|
||||
## Avoid Free VPNs
|
||||
|
||||
Privacy-respecting VPNs can provide their service because you pay them for it. Free VPNs are **worse** than your ISP when it comes to respecting your privacy, because **selling your data is the only way they can make money**, whereas an ISP is primarily paid for by you.
|
||||
|
||||
> If you’re not paying for it, you’re the product.
|
||||
|
@ -14,49 +15,56 @@ Privacy-respecting VPNs can provide their service because you pay them for it. F
|
|||
This isn't to say all paid VPNs automatically become trustworthy, far from it. In fact many paid VPN providers have been known to or suspected to have sold their users' data or have done some otherwise shady things with it. Always completely evaluate the VPN provider you choose, rather than just take theirs or anyone else's word for it. The main takeaway here is that it is impossible to provide a service like a VPN — which requires servers, bandwidth, time, and energy to maintain — for free for thousands of users, without having some sort of other monetization model.
|
||||
|
||||
## Choosing a VPN
|
||||
|
||||
Alright, now we can get into it. The first thing we need to decide is _why_ exactly you need a VPN. Most people will fall into the following two camps:
|
||||
|
||||
### 1. Avoiding Geographical Restrictions
|
||||
|
||||
Maybe you want to watch BBC online, possibly avoid creeps at cafés, but don’t really care about your VPN logging your traffic — just like your ISP does.
|
||||
|
||||
**Therefore**: You want a VPN with servers in countries like US, UK — basically where services like Netflix work. (Tip: Netflix is continually banning VPNs, so be sure to use one that isn’t blocked. You might want to look into the [r/NetflixViaVPN](https://www.reddit.com/r/NetflixViaVPN) Subreddit for help with this one).
|
||||
|
||||
### 2. Maximizing Your Privacy Online
|
||||
|
||||
Being **Privacy** Guides, this is the big one for us. If you really care about your privacy, you'll want to look for a provider that at the very least does the following:
|
||||
|
||||
* Supports modern technologies like OpenVPN or WireGuard.
|
||||
* Accepts anonymous payments like cash, gift cards, or cryptocurrencies.
|
||||
* Provides strong, future-proof encryption for their connections.
|
||||
* And, is public about their leadership and ownership.
|
||||
* Supports modern technologies like OpenVPN or WireGuard.
|
||||
* Accepts anonymous payments like cash, gift cards, or cryptocurrencies.
|
||||
* Provides strong, future-proof encryption for their connections.
|
||||
* And, is public about their leadership and ownership.
|
||||
|
||||
These 4 points should always be considered when you're evaluating a VPN provider. Additionally, note what jurisdiction the provider is incorporated in, and where their servers are located. This is probably the most important factor to consider, and also the most time-consuming, as privacy laws in various countries vary wildly.
|
||||
|
||||
Let me explain what these points mean exactly in more detail, so you know what to look for.
|
||||
|
||||
## Modern Technology
|
||||
|
||||
You should be able to connect to your VPN with any **OpenVPN** client. L2TP, PPTP, and IPSec are all insecure technologies that should not be used. A new technology called **WireGuard** looks very promising, but is still in active development and not recommended for use.
|
||||
|
||||
While we're looking at technology, take a look at whether your provider has their own client for you to download and connect with. These applications usually make using your VPN a lot simpler, and sometimes safer. If they do, ask the following questions:
|
||||
|
||||
* **Is this client open-source?** Having an open-source client is important because it allows you or anyone else to audit the code and see exactly what's happening. Closed source clients are essentially a black box you'd be putting all your data into, not the best idea!
|
||||
* **Does the client have a killswitch?** Not many generic OpenVPN clients come with this functionality, but many custom VPN clients will. A killswitch option allows you to completely disable your internet connection when the VPN is disconnected. This will make sure that you don't accidentally connect to the internet with your ISP's connection.
|
||||
* **Is this client open-source?** Having an open-source client is important because it allows you or anyone else to audit the code and see exactly what's happening. Closed source clients are essentially a black box you'd be putting all your data into, not the best idea!
|
||||
* **Does the client have a killswitch?** Not many generic OpenVPN clients come with this functionality, but many custom VPN clients will. A killswitch option allows you to completely disable your internet connection when the VPN is disconnected. This will make sure that you don't accidentally connect to the internet with your ISP's connection.
|
||||
|
||||
## Anonymous Payments
|
||||
|
||||
This one's an easy one. Take a look at how you're able to pay for your provider's subscription. Some providers will take cash in the mail as payment, a great way to pay without leaving a digital money trail. Others will allow you to pay with gift cards from major retailers like Amazon, Target, and Wal-Mart (which you can hopefully obtain anonymously with cash, replacing the mail middleman from before). Still others will accept various cryptocurrencies.
|
||||
|
||||
If not leaving a money trail is important, you'll want to make sure you aren't paying with something linked to you financially, like a credit or debit card, or PayPal. If your provider doesn't accept the payment forms above, you aren't entirely out of luck however. You can still use a prepaid debit card to pay for things as anonymously as possible. But consider: If your provider isn't dedicated to making easy, anonymous payment alternatives available to you, how focused are they on your privacy?
|
||||
|
||||
## Strong Security
|
||||
|
||||
Most providers using OpenVPN will also be using strong encryption methods, but still make sure you double-check before choosing a provider. What you'll want to look for from your provider at a minimum is:
|
||||
|
||||
* **RSA-2048 encryption.** Ideally, they should support RSA-4096 connections, for maximum security.
|
||||
* **Perfect Forward Secrecy (PFS).** This technology makes each VPN session use a different key every time, so that if an attacker manages to decrypt one of your connections, they won't also be able to see all your other data.
|
||||
* **RSA-2048 encryption.** Ideally, they should support RSA-4096 connections, for maximum security.
|
||||
* **Perfect Forward Secrecy (PFS).** This technology makes each VPN session use a different key every time, so that if an attacker manages to decrypt one of your connections, they won't also be able to see all your other data.
|
||||
|
||||
In addition, look into whether your provider has ever had their security practices audited by an independent third-party. For example, TunnelBear [publishes](https://cure53.de/summary-report_tunnelbear_2018.pdf) yearly audits of their entire service, or Mullvad, which has [published](https://cure53.de/pentest-report_mullvad_v2.pdf) a comprehensive security audit of their client applications.
|
||||
|
||||
Independent audits are important because, while ultimately the actual security of the service will come down to _trusting_ the providers, a successful security audit demonstrates that the provider at least has the _capability_ to provide you with a secure connection, instead of just taking their claims at face value.
|
||||
|
||||
## Public Trust
|
||||
|
||||
You want to remain private, but your provider shouldn't. If your provider is hiding their ownership information and their leadership from you behind some Panamanian shell company, what other business practices might they be hiding?
|
||||
|
||||
> You wouldn't trust your finances to someone with a fake identity, so why trust them with your internet data?
|
||||
|
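Review bot: Under "## Modern Technology" the text says WireGuard is "still in active development and not recommended for use", but the checklist under "### 2. Maximizing Your Privacy Online" asks for a provider that "Supports modern technologies like OpenVPN or WireGuard". The two statements should agree, so adjust one of them. Separately, the "**RSA-2048 encryption.**" bullet under "## Strong Security" names a key size without saying what it protects; RSA is used in the handshake rather than for the tunnel traffic itself, so wording such as "RSA-2048 keys for the handshake" would be more precise.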
@ -66,6 +74,7 @@ Find out where your choice is incorporated. Who owns it? What other companies ha
|
|||
Frequent transparency reports are a huge plus too. They should publish information related to government requests, so you know what their responses look like. All VPN providers will need to respond to legitimate legal requests, but does your choice reject or counter as many as possible?
|
||||
|
||||
## So what next?
|
||||
|
||||
If you're currently using a commercial VPN, use this information to evaluate their business. Do they seem trustworthy?
|
||||
|
||||
At Privacy Guides we've [evaluated](/vpn) a huge number of VPN providers along similar criteria to these. In our opinion, as of October 2019, Mullvad leads the pack with respect to all these criteria, with IVPN and ProtonVPN falling just slightly behind but catching up quickly. There are still a huge number of providers out there, however. The way to find the best solution for you, is by researching providers with _your_ criteria in mind.
|
||||
|
|
|
@ -16,22 +16,27 @@ Firefox is fantastic out of the box, but where it really shines is customizabili
|
|||
Before we get started, there's a couple things that should be noted that are not only applicable to this guide, but privacy in general:
|
||||
|
||||
## Considerations
|
||||
|
||||
Protecting your privacy online is a tricky proposition, there are so many factors to take into consideration on an individual basis for any one guide or site to cover comprehensively. You will need to take into account things like threat modeling and your general preferences before making any changes or following any recommendations.
|
||||
|
||||
### Threat Modeling
|
||||
|
||||
*What is [threat modeling](/threat-modeling/)?* Consider who you're trying to keep your data hidden from. Do you need to keep your information hidden from the government, or just the average stranger? Maybe you're just looking for alternatives to Big Tech Corporations like Google and Facebook. You'll also want to consider how much time and resources you want to spend hiding your data from those "threats". Some solutions might not be feasible from a financial or time standpoint and you'll have to make compromises. Taking all those questions into account creates a basic *threat model* for you to work with.
|
||||
|
||||
We want to publish a more complete guide on threat modeling in the future, so stay tuned to this blog for further updates. But for now, just keep those thoughts in the back of your mind as we go through this article. Not every solution might be for you, or conversely you may need to pay more attention to certain areas we aren't able to cover completely.
|
||||
|
||||
### Browser Fingerprinting
|
||||
|
||||
Another consideration is your browser's fingerprint. When you visit a web page, your browser voluntarily sends information about its configuration, such as available fonts, browser type, and add-ons. If this combination of information is unique, it may be possible to identify and track you without using more common tracking tools, like cookies.
|
||||
|
||||
That's right, add-ons contribute to your fingerprint. Another thing a lot of people miss when they are setting up their browser is that <mark>more is not always the best solution to your problems</mark>. You don't need to use every add-on and tweak that offers privacy, and the more you configure the greater chance there is that your browser will appear more unique to websites. Think about your specific situation and pick and choose the add-ons and tweaks we recommend only if you think they will help *you*.
|
||||
|
||||
## Firefox Privacy Settings
|
||||
|
||||
We'll start off with the easy solutions. Firefox has a number of privacy settings built in, no add-ons necessary! Open your *Options* page (*Preferences* on macOS) and we'll go through them one at a time.
|
||||
|
||||
### DNS over HTTPS
|
||||
|
||||
DNS (or the Domain Name System) is what your browser uses to turn domain names like `privacyguides.org` into IP addresses like `145.239.169.56`. Because computers can only make connections to IP addresses, it's necessary to use DNS every time you visit a new domain. But DNS is unencrypted by default, that means everyone on your network (including your ISP) can view what domains you're looking up, and in some situations even change the IP answers to redirect you to their own websites! Encrypting your DNS traffic can shield your queries and add some additional protection to your browsing.
|
||||
|
||||
Encrypted DNS takes many forms: DNS over HTTPS (DoH), DNS over TLS, DNSCrypt, etc., but they all accomplish the same thing. They keep your DNS queries private from your ISP, and they make sure they aren't tampered with in transit between your DNS provider. Fortunately, Firefox recently added native DoH support to the browser. On the **General** page of your preferences, scroll down to and open **Network Settings**. At the bottom of the window you will be able to select "Enable DNS over HTTPS" and choose a provider:
|
||||
|
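Review bot: In the second "### DNS over HTTPS" paragraph, "they aren't tampered with in transit between your DNS provider" is missing one endpoint; "between you and your DNS provider" reads as intended. The paragraph before it has a comma splice at "DNS is unencrypted by default, that means", which a full stop or "which means" would fix.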
@ -43,6 +48,7 @@ Keep in mind that by using DoH you're sending all your queries to a single provi
|
|||
It should also be noted that even with DoH, your ISP will still be able to see what domain you're connecting to because of a technology called Server Name Indication (SNI). Until SNI is encrypted as well, there's no getting around it. Encrypted SNI (eSNI) is in the works — and can actually be [enabled on Firefox](https://blog.cloudflare.com/encrypt-that-sni-firefox-edition/) today — but it only works with a small number of servers, mainly ones operated by Cloudflare, so its use is limited currently. Therefore, while DoH provides some additional privacy and integrity protections, its use as a privacy tool is limited until other supplemental tools like eSNI and [DNSSEC](https://www.icann.org/resources/pages/dnssec-what-is-it-why-important-2019-03-05-en) are finalized and implemented.
|
||||
|
||||
### Change Your Search Engine
|
||||
|
||||
This is an easy one. In the Search tab, change your Default Search Engine to something other than Google.
|
||||
|
||||
{:.img-fluid .w-75 .mx-auto .d-block}
|
||||
|
@ -50,6 +56,7 @@ This is an easy one. In the Search tab, change your Default Search Engine to som
|
|||
Out of the built-in options, DuckDuckGo is the most privacy respecting service, but there's a number of [search engines we would recommend](https://privacyguides.org/providers/search-engines/) that can be easily installed as well.
|
||||
|
||||
### Enhanced Tracking Protection
|
||||
|
||||
Now we'll delve into the biggest set of options for people like us, Firefox's Privacy & Security tab. First up is their Enhanced Tracking Protection. This set of filters is set to *Standard* by default, but we'll want to change it to *Strict* for more comprehensive coverage.
|
||||
|
||||
{:.img-fluid .w-75 .mx-auto .d-block}
|
||||
|
@ -63,11 +70,13 @@ Disabling Enhanced Tracking Protection will of course decrease your privacy on t
|
|||
Another benefit of Firefox's Enhanced Tracking Protection is that it can actually speed up your browsing! Advertising networks and social media embeds can sometimes make your browser download huge files just to show an ad or a like button, and blocking those out trims the fat, in a sense.
|
||||
|
||||
### Disabling Telemetrics
|
||||
|
||||
When you use Firefox, Mozilla collects information about what you do, what kind of extensions you have installed, and various other aspects of your browser. While they claim to do this in a privacy-respecting way, sending as little data as possible is always preferred from a privacy standpoint, so we would go ahead and uncheck all the boxes under **Firefox Data Collection and Use** just to be safe.
|
||||
|
||||
{:.img-fluid .w-75 .mx-auto .d-block}
|
||||
|
||||
### Clearing Cookies and Site Data
|
||||
|
||||
This one is for more advanced users, so if you don't understand what this is doing you can skip this section. Firefox provides the option to delete all your cookies and site data every time Firefox is closed. Cookies and site data are little pieces of information sites store in your browser, and they have a myriad of uses. They are used for things like keeping you logged in and saving your website preferences, but they also can be used to track you across different websites. By deleting your cookies regularly, your browser will appear clean to websites, making you harder to track.
|
||||
|
||||
{:.img-fluid .w-75 .mx-auto .d-block}
|
||||
|
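Review bot: The heading "### Disabling Telemetrics" uses a term the body never does; the paragraph under it names the setting **Firefox Data Collection and Use**. "Disabling Telemetry" or "Disabling Data Collection" would match the text and be easier to search for.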
@ -75,6 +84,7 @@ This one is for more advanced users, so if you don't understand what this is doi
|
|||
This will likely log you out of websites quite often, so make sure that's an inconvenience you're willing to put up with for enhanced privacy.
|
||||
|
||||
## Firefox Privacy Add-ons
|
||||
|
||||
Of course, just the browser settings alone won't go quite far enough to protect your privacy. Mozilla has made a lot of compromises in order to provide a more functional browsing experience for the average user, which is completely understandable. But, we can take it even further with some browser add-ons that prevent tracking and make your experience more private and secure.
|
||||
|
||||
There are a number of [fantastic add-ons for Firefox](https://privacyguides.org/browsers/#addons), but they aren't all necessary for everyone. Some of them provide redundant functionality to each other, and some of them accomplish similar tasks to the settings we've enabled above.
|
||||
|
@ -83,16 +93,18 @@ When you are installing add-ons for Firefox, consider whether you actually need
|
|||
|
||||
Keeping all that in mind, there are three add-ons I would consider necessary for virtually every user:
|
||||
|
||||
* uBlock Origin
|
||||
* HTTPS Everywhere
|
||||
* Decentraleyes
|
||||
* uBlock Origin
|
||||
* HTTPS Everywhere
|
||||
* Decentraleyes
|
||||
|
||||
Out of the box, these add-ons only complement the settings we've described in this article already, and they have sane defaults that won't break the sites you visit.
|
||||
|
||||
### uBlock Origin
|
||||
|
||||
[**uBlock Origin**](https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/) is an efficient ad- and tracker-blocker that is easy on memory, and yet can load and enforce thousands more filters than competing blockers. We trust it because it is completely open-source. Additionally, unlike its competitors it has no monetization strategy: There's no "Acceptable" ads program or a similar whitelist like many other adblockers feature.
|
||||
|
||||
### HTTPS Everywhere
|
||||
|
||||
HTTPS is the secure, encrypted version of HTTP. When you see an address starting with https:// along with the padlock in your browser's address bar, you know that your connection to the website is completely secure. This is of course important when you're logging into websites and sending your passwords and emails in a form. But it also prevents people on your network and your ISP from snooping in on what you're reading, or changing the contents of an unencrypted webpage to whatever they want.
|
||||
|
||||
Therefore, [**HTTPS Everywhere**](https://addons.mozilla.org/en-US/firefox/addon/https-everywhere) is a must-have extension, all it does is upgrade your HTTP connections to HTTPS wherever possible. And because it works silently in the background, you probably will never notice it! We trust HTTPS Everywhere because it is completely open-source, and is developed by the [Electronic Frontier Foundation](https://www.eff.org/https-everywhere), a non-profit dedicated to private and secure technologies.
|
||||
|
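Review bot: In the first "### HTTPS Everywhere" paragraph, "you know that your connection to the website is completely secure" overstates what the padlock shows; it tells the reader the connection is encrypted, which is what the rest of the paragraph goes on to describe. Suggest "encrypted" in place of "completely secure". The following paragraph has a comma splice at "is a must-have extension, all it does is".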
@ -100,17 +112,21 @@ Therefore, [**HTTPS Everywhere**](https://addons.mozilla.org/en-US/firefox/addon
|
|||
Of course, it only works with sites that support HTTPS on the server's side, so you'll still need to keep an eye on your address bar to make sure you're securely connected. But fortunately more and more websites have implemented HTTPS, thanks to the advent of free certificates from organizations like Let's Encrypt.
|
||||
|
||||
### Decentraleyes
|
||||
|
||||
When you connect to many websites, your browser is most likely making connections to a myriad of "Content Delivery Networks" like Google Fonts, Akamai, and Cloudflare, to download fonts and Javascript that make the website run. This generally makes websites look and feel better, but it means you're constantly making connections to these servers, allowing them to build a fairly accurate tracking profile of you.
|
||||
|
||||
[**Decentraleyes**](https://addons.mozilla.org/en-US/firefox/addon/decentraleyes) works by impersonating those CDNs locally in your browser. When a website wants to download a program like jQuery, instead of connecting to a remote CDN Decentraleyes will serve the file from its own cache of files. This means that you'll won't have to make remote CDN connections for the files that Decentraleyes supports, and therefore the remote CDNs can't track your browser. Decentraleyes may even speed up your browsing, because everything is stored locally instead of on a far-away server. Everything happens instantly, and you won't see a difference in the websites you visit.
|
||||
|
||||
### Additional Firefox Privacy Add-ons
|
||||
|
||||
There is of course more functionality that can be achieved at the expense of more time spent configuring your browser and reduced website functionality. If you're looking for the most privacy options possible however, they may be for you. Check out the page on [Browser add-ons at Privacy Guides](https://privacyguides.org/browsers/#addons) for further information and additional resources.
|
||||
|
||||
## More Privacy Functionality
|
||||
|
||||
Firefox has developed a number of other privacy tools that can be used to enhance your privacy or security. They may be worth looking into, but they have some drawbacks that would prevent me from recommending them outright.
|
||||
|
||||
### Firefox Private Network
|
||||
|
||||
**Firefox Private Network** is a new extension developed by Mozilla that serves as a [Virtual Private Network](/blog/2019/10/05/understanding-vpns) (VPN), securing you on public WiFi networks and other situations where you might trust Mozilla more than the ISP or network administrator. It is free in beta, but will likely be available at some subscription pricing once the test pilot ends.
|
||||
|
||||
Firefox Private Network is still just a VPN, and there are a number of drawbacks you would want to consider before using it. Ultimately, your VPN provider of choice will be able to see your web traffic. All you are accomplishing is shifting the trust from your network to the VPN provider, in this case *Cloudflare*, the operators behind this service.
|
||||
|
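Review bot: the unchanged Decentraleyes paragraph in this hunk still reads "This means that you'll won't have to make remote CDN connections"; since this pass already touches the surrounding lines, change it to "you won't have to". The paragraph just above it also writes "Javascript" where "JavaScript" is the usual spelling.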
@ -122,14 +138,17 @@ And finally, Cloudflare and Mozilla are both US companies. There are a number of
|
|||
If you require a Virtual Private Network, we would look elsewhere. There are a number of [good VPN providers](https://privacyguides.org/providers/vpn/) like Mullvad that will provide a better experience at a low cost.
|
||||
|
||||
### Multi-Account Containers
|
||||
|
||||
Mozilla has an in-house add-on called [**Multi-Account Containers**](https://support.mozilla.org/en-US/kb/containers) that allows you to isolate websites from each other. For example, you could have Facebook in a container separate from your other browsing. In this situation, Facebook would only be able to set cookies with your profile on sites within the container, keeping your other browsing protected.
|
||||
|
||||
A containers setup may be a good alternative to techniques like regularly deleting cookies, but requires a lot of manual intervention to setup and maintain. If you want complete control of what websites can do in your browser, it's definitely worth looking into, but we wouldn't call it a necessary addition by any means.
|
||||
|
||||
## Additional Resources
|
||||
|
||||
[ghacks user.js](https://github.com/ghacksuserjs/ghacks-user.js) — For more advanced users, the ghacks user.js is a "configuration file that can control hundreds of Firefox settings [...] which aims to provide as much privacy and enhanced security as possible, and to reduce tracking and fingerprinting as much as possible - while minimizing any loss of functionality and breakage".
|
||||
|
||||
[Mozilla's Privacy Policy](https://www.mozilla.org/en-US/privacy/) — Of course, we always recommend reading through the privacy statement of any organization you deal with, and Mozilla is no exception.
|
||||
|
||||
## Firefox Privacy Summary
|
||||
|
||||
In conclusion, we believe that Firefox is the most promising browser for privacy-conscious individuals. The non-profit behind it seems truly dedicated to promoting user control and privacy, and the good defaults coupled with the sheer customizability of the browser allow you to truly protect your information when you browse the web.
|
||||
|
|
|
@ -17,11 +17,13 @@ We chose the name Privacy Guides because it represents two things for us as an o
|
|||
As a name, it moves us past recommendations of various tools and focuses us more on the bigger picture. We want to provide more _education_ — rather than _direction_ — surrounding privacy-related topics. You can see the very beginnings of this work in our new page on [threat modeling](https://privacyguides.org/threat-modeling/), or our [VPN](https://privacyguides.org/providers/vpn/) and [Email Provider](https://privacyguides.org/providers/email/) recommendations, but this is just the start of what we eventually hope to accomplish.
|
||||
|
||||
### Website Development
|
||||
|
||||
Our project has always been community-oriented and open-sourced. The source code for PrivacyTools is currently archived at [https://github.com/privacytools/privacytools.io](https://github.com/privacytools/privacytools.io). This repository will remain online as an archive of everything on PrivacyTools up to this transition.
|
||||
|
||||
The source code for our new website is available at [https://github.com/privacyguides/privacyguides.org](https://github.com/privacyguides/privacyguides.org). All updates from PrivacyTools have been merged into this new repository, and this is where all future work will take place.
|
||||
|
||||
### Services
|
||||
|
||||
PrivacyTools also runs a number of online services in use by many users. Some of these services are federated, namely Mastodon, Matrix, and PeerTube. Due to the technical nature of federation, it is impossible for us to change the domain name on these services, and because we cannot guarantee the future of the privacytools.io domain name we will be shutting down these services in the coming months.
|
||||
|
||||
We strongly urge users of these services to migrate to alternative providers in the near future. We hope that we will be able to provide enough time to make this as seamless of a transition as possible for our users.
|
||||
|
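Review bot: under Website Development, both repository links repeat the full URL as the link text, e.g. `[https://github.com/privacyguides/privacyguides.org](https://github.com/privacyguides/privacyguides.org)`. For a style-consistency pass, an autolink such as `<https://github.com/privacyguides/privacyguides.org>` renders the same and keeps the visible text and the target from drifting apart in later edits.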
@ -33,11 +35,13 @@ Other services being operated by PrivacyTools currently will be discontinued. Th
|
|||
Our future direction for online services is uncertain, but will be a longer-term discussion within our community after our work is complete on this initial transition. We are very aware that whatever direction we move from here will have to be done in a way that is sustainable in the very long term.
|
||||
|
||||
### r/PrivacyGuides
|
||||
|
||||
PrivacyTools has a sizable community on Reddit, but to ensure a unified image we have created a new Subreddit at [r/PrivacyGuides](https://www.reddit.com/r/PrivacyGuides/) that we encourage all Reddit users to join.
|
||||
|
||||
In the coming weeks our current plan is to wind down discussions on r/privacytoolsIO. We will be opening r/PrivacyGuides to lots of the discussions most people are used to shortly, but encouraging general “privacy news” or headline-type posts to be posted on [r/Privacy](https://www.reddit.com/r/privacy/) instead. In our eyes, r/Privacy is the “who/what/when/where” of the privacy community on Reddit, the best place to find the latest news and information; while r/PrivacyGuides is the “how”: a place to share and discuss tools, tips, tricks, and other advice. We think focusing on these strong points will serve to strengthen both communities, and we hope the good moderators of r/Privacy agree :)
|
||||
|
||||
### Final Thoughts
|
||||
|
||||
The former active team at PrivacyTools universally agrees on this direction towards Privacy Guides, and will be working exclusively on Privacy Guides rather than any “PrivacyTools” related projects. We intend to redirect PriavcyTools to new Privacy Guides properties for as long as possible, and archive existing PrivacyTools work as a pre-transition snapshot.
|
||||
|
||||
Privacy Guides additionally welcomes back PrivacyTools’ former sysadmin [Jonah](https://twitter.com/JonahAragon), who will be joining the project’s leadership team.
|
||||
|
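Review bot: "PriavcyTools" in the Final Thoughts paragraph ("We intend to redirect PriavcyTools to new Privacy Guides properties") is misspelled; correct it to "PrivacyTools" while this file is being touched.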
@ -50,9 +54,9 @@ We are all very excited about this new brand and direction, and hope to have you
|
|||
|
||||
**_Privacy Guides_** _is a socially motivated website that provides information for protecting your data security and privacy._
|
||||
|
||||
* [Join r/PrivacyGuides on Reddit](https://www.reddit.com/r/privacyguides)
|
||||
* [Follow @privacy_guides on Twitter](https://twitter.com/privacy_guides)
|
||||
* [Collaborate with us on GitHub](https://github.com/privacyguides/privacyguides.org)
|
||||
* [Join our chat on Matrix](https://matrix.to/#/#privacyguides:aragon.sh)
|
||||
* [Join r/PrivacyGuides on Reddit](https://www.reddit.com/r/privacyguides)
|
||||
* [Follow @privacy_guides on Twitter](https://twitter.com/privacy_guides)
|
||||
* [Collaborate with us on GitHub](https://github.com/privacyguides/privacyguides.org)
|
||||
* [Join our chat on Matrix](https://matrix.to/#/#privacyguides:aragon.sh)
|
||||
|
||||
The contact for this story is Jonah, who is reachable on Twitter [@JonahAragon](https://twitter.com/JonahAragon), Matrix [@jonah:aragon.sh](https://matrix.to/#/@jonah:aragon.sh), or Signal 763-308-5533.
|
||||
|
|
|
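Review bot: the tagline `**_Privacy Guides_** _is a socially motivated website ..._` keeps underscore emphasis, as do `_education_` and `_direction_` earlier in this file, while the last file in this commit switches `_Special thanks ..._` to `*Special thanks ...*`. Pick one emphasis marker and apply it in every file the commit touches. The four list items in this hunk also appear twice with identical text in this view, so the change is whitespace or marker only; confirm the rendered list is unchanged.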
@ -11,9 +11,11 @@ A lot changed between 2019 and now, not least in regards to Firefox. Since our l
|
|||
Now that so many privacy features are built into the browser, there is little need for extensions made by third-party developers. Accordingly, we have updated our very outdated [browser](https://privacyguides.org/browsers/) section. If you've got an old browser profile we suggest **creating a new one**. Some of the old advice may make your browser *more* unique.
|
||||
|
||||
#### Privacy Tweaks "about:config"
|
||||
|
||||
We're no longer recommending that users set `about:config` switches manually. Those switches need to be up to date and continuously maintained. They should be studied before blindly making modifications. Sometimes their behaviour changes in between Firefox releases, is superseded by other keys or they are removed entirely. We do not see any point in duplicating the efforts of the community [Arkenfox](https://github.com/arkenfox/user.js) project. Arkenfox has very good documentation in their [wiki](https://github.com/arkenfox/user.js/wiki) and we use it ourselves.
|
||||
|
||||
#### LocalCDN and Decentraleyes
|
||||
|
||||
These extensions aren't required with Total Cookie Protection (TCP), which is enabled if you've set Enhanced Tracking Protection (ETP) to **Strict**.
|
||||
|
||||
Replacing scripts on CDNs with local versions is not a comprehensive solution and is a form of [enumeration of badness](https://www.ranum.com/security/computer_security/editorials/dumb/). While it may work with some scripts that are included it doesn't help with most other third-party connections.
|
||||
|
@ -21,20 +23,25 @@ Replacing scripts on CDNs with local versions is not a comprehensive solution an
|
|||
CDN extensions never really improved privacy as far as sharing your IP address was concerned and their usage is fingerprintable as this Tor Project developer [points out](https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/22089#note_2639603). They are the wrong tool for the job and are not a substitute for a good VPN or Tor. Its worth noting the [resources](https://git.synz.io/Synzvato/decentraleyes/-/tree/master/resources) for Decentraleyes are hugely out of date and would not be likely used anyway.
|
||||
|
||||
#### NeatURLs and ClearURLS
|
||||
|
||||
Previously we recommended ClearURLs to remove tracking parameters from URLs you might visit. These extensions are no longer needed with uBlock Origin's [`removeparam`](https://github.com/gorhill/uBlock/wiki/Static-filter-syntax#removeparam) feature.
|
||||
|
||||
#### HTTPS Everywhere
|
||||
|
||||
The EFF announced back in September they were [deprecating HTTPS-Everywhere](https://www.eff.org/deeplinks/2021/09/https-actually-everywhere) as most browsers now have an HTTPS-Only feature. We are pleased to see privacy features built into the browser and Firefox 91 introduced [HTTPS by Default in Private Browsing](https://blog.mozilla.org/security/2021/08/10/firefox-91-introduces-https-by-default-in-private-browsing/).
|
||||
|
||||
#### Multi Account Containers and Temporary Containers
|
||||
|
||||
Container extensions aren't as important as they used to be for privacy now that we have [Total Cookie Protection](https://blog.mozilla.org/security/2021/02/23/total-cookie-protection/).
|
||||
|
||||
Multi Account Container will still have some use if you use [Mozilla VPN](https://en.wikipedia.org/wiki/Mozilla_VPN) as it is going to be [integrated](https://github.com/mozilla/multi-account-containers/issues/2210) allowing you to configure specified containers to use a particular VPN server. Another use might be if you want to login to multiple accounts on the same domain.
|
||||
|
||||
#### Just-In-Time Compilation (JIT)
|
||||
|
||||
What is "Disable JIT" in Bromite? This option disables the JavaScript performance feature [JIT](https://en.wikipedia.org/wiki/Just-in-time_compilation). It can increase security but at the cost of performance. Those trade-offs vary wildly and are explored in [this](https://microsoftedge.github.io/edgevr/posts/Super-Duper-Secure-Mode/) publication by Johnathan Norman from the Microsoft Edge team. This option is very much a security vs performance option.
|
||||
|
||||
#### Mozilla browsers on Android
|
||||
|
||||
We don't recommend any Mozilla based browsers on Android. This is because we don't feel that [GeckoView](https://mozilla.github.io/geckoview) is quite as secure as it could be as it doesn't support [site isolation](https://hacks.mozilla.org/2021/05/introducing-firefox-new-site-isolation-security-architecture), soon to be coming in desktop browsers or [isolated processes](https://bugzilla.mozilla.org/show_bug.cgi?id=1565196).
|
||||
|
||||
We also noticed that there isn't an option for [HTTPS-Only mode](https://github.com/mozilla-mobile/fenix/issues/16952#issuecomment-907960218). The only way to get something similar is to install the [deprecated](https://www.eff.org/deeplinks/2021/09/https-actually-everywhere) extension [HTTPS Everywhere](https://www.eff.org/https-everywhere).
|
||||
|
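Review bot: the heading `#### NeatURLs and ClearURLS` capitalises the extension name differently from the paragraph under it, which uses "ClearURLs"; make the heading match. In the same hunk, "Its worth noting the resources for Decentraleyes" needs "It's".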
@ -42,6 +49,7 @@ We also noticed that there isn't an option for [HTTPS-Only mode](https://github.
|
|||
There are places which Firefox on Android shines for example browsing news websites where you may want to *partially* load some JavaScript (but not all) using medium or hard [blocking mode](https://github.com/gorhill/uBlock/wiki/Blocking-mode). The [reader view](https://support.mozilla.org/en-US/kb/view-articles-reader-view-firefox-android) is also pretty cool. We expect things will change in the future, so we're keeping a close eye on this.
|
||||
|
||||
#### Fingerprinting
|
||||
|
||||
Firefox has the ability to block known third party [fingerprinting resources](https://blog.mozilla.org/security/2020/01/07/firefox-72-fingerprinting/). Mozilla has [advanced protection](https://support.mozilla.org/kb/firefox-protection-against-fingerprinting) against fingerprinting (RFP is enabled with Arkenfox).
|
||||
|
||||
We do not recommend extensions that promise to change your [browser fingerprint](https://blog.torproject.org/browser-fingerprinting-introduction-and-challenges-ahead/). Some of those extensions [are detectable](https://www.cse.chalmers.se/~andrei/codaspy17.pdf) by websites through JavaScript and [CSS](https://hal.archives-ouvertes.fr/hal-03152176/file/style-fingerprinting-usenix.pdf) methods, particularly those which inject anything into the web content.
|
||||
|
@ -50,4 +58,4 @@ This includes **all** extensions that try to change the user agent or other brow
|
|||
|
||||
---
|
||||
|
||||
_Special thanks to [Thorin-Oakenpants](https://github.com/Thorin-Oakenpants) and [Tommy](https://tommytran.io) for their help with providing advice and further documentation during the research phase._
|
||||
*Special thanks to [Thorin-Oakenpants](https://github.com/Thorin-Oakenpants) and [Tommy](https://tommytran.io) for their help with providing advice and further documentation during the research phase.*
|
||||
|
|